Merge remote-tracking branch 'parent/stable-4.3' into upstream-20241005

app/lib/activitypub/activity/create.rb

@@ -48,6 +48,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
   def process_status
     @tags                 = []
     @mentions             = []
+    @unresolved_mentions  = []
     @silenced_account_ids = []
     @params               = {}
     @raw_mention_uris     = []
@@ -66,6 +67,7 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     end
 
     resolve_thread(@status)
+    resolve_unresolved_mentions(@status)
     fetch_replies(@status)
     process_conversation! if @status.limited_visibility?
     process_references!
@@ -266,6 +268,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     return if account.nil?
 
     @mentions << Mention.new(account: account, silent: false)
+  rescue Mastodon::UnexpectedResponseError, HTTP::TimeoutError, HTTP::ConnectionError, OpenSSL::SSL::SSLError
+    @unresolved_mentions << tag['href']
   end
 
   def process_emoji(tag)
@@ -396,6 +400,12 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     ThreadResolveWorker.perform_async(status.id, in_reply_to_uri, { 'request_id' => @options[:request_id] })
   end
 
+  def resolve_unresolved_mentions(status)
+    @unresolved_mentions.uniq.each do |uri|
+      MentionResolveWorker.perform_in(rand(30...600).seconds, status.id, uri, { 'request_id' => @options[:request_id] })
+    end
+  end
+
   def fetch_replies(status)
     collection = @object['replies']
     return if collection.blank?

app/lib/vacuum/imports_vacuum.rb

@@ -9,10 +9,10 @@ class Vacuum::ImportsVacuum
   private
 
   def clean_unconfirmed_imports!
-    BulkImport.state_unconfirmed.where(created_at: ..10.minutes.ago).reorder(nil).in_batches.delete_all
+    BulkImport.state_unconfirmed.where(created_at: ..10.minutes.ago).in_batches.delete_all
   end
 
   def clean_old_imports!
-    BulkImport.where(created_at: ..1.week.ago).reorder(nil).in_batches.delete_all
+    BulkImport.where(created_at: ..1.week.ago).in_batches.delete_all
   end
 end

app/lib/web_push_request.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+class WebPushRequest
+  SIGNATURE_ALGORITHM = 'p256ecdsa'
+  AUTH_HEADER = 'WebPush'
+  PAYLOAD_EXPIRATION = 24.hours
+  JWT_ALGORITHM = 'ES256'
+  JWT_TYPE = 'JWT'
+
+  attr_reader :web_push_subscription
+
+  delegate(
+    :endpoint,
+    :key_auth,
+    :key_p256dh,
+    to: :web_push_subscription
+  )
+
+  def initialize(web_push_subscription)
+    @web_push_subscription = web_push_subscription
+  end
+
+  def audience
+    @audience ||= Addressable::URI.parse(endpoint).normalized_site
+  end
+
+  def authorization_header
+    [AUTH_HEADER, encoded_json_web_token].join(' ')
+  end
+
+  def crypto_key_header
+    [SIGNATURE_ALGORITHM, vapid_key.public_key_for_push_header].join('=')
+  end
+
+  def encrypt(payload)
+    Webpush::Encryption.encrypt(payload, key_p256dh, key_auth)
+  end
+
+  private
+
+  def encoded_json_web_token
+    JWT.encode(
+      web_token_payload,
+      vapid_key.curve,
+      JWT_ALGORITHM,
+      typ: JWT_TYPE
+    )
+  end
+
+  def web_token_payload
+    {
+      aud: audience,
+      exp: PAYLOAD_EXPIRATION.from_now.to_i,
+      sub: payload_subject,
+    }
+  end
+
+  def payload_subject
+    [:mailto, contact_email].join(':')
+  end
+
+  def vapid_key
+    @vapid_key ||= Webpush::VapidKey.from_keys(
+      Rails.configuration.x.vapid_public_key,
+      Rails.configuration.x.vapid_private_key
+    )
+  end
+
+  def contact_email
+    @contact_email ||= ::Setting.site_contact_email
+  end
+end